FarmVille and other Facebook games unknowingly leaking private details

User and friend names transmitted and sold to ad firms

A number of leading Facebook applications  including some of its most popular games  have been identified as transmitting users' identities to third-party firms.

In most cases this has seemingly been done without the developers' knowledge, but Facebook this weekend shut down apps identified as deliberately sharing information (including a number by VC-backed startup LOLapps Media).

An investigation by The Wall Street Journal found that games such as Zynga's FarmVille and Texas HoldEm Poker were apparently inadvertently making players' Facebook IDs  from which real names can be easily established  to data-mining and advertising companies.

In some cases (again including FarmVille), the identity of users' friends was also shared. "Zynga has a strict policy of not passing personally identifiable information to any third parties," claimed a spokeswoman. "We look forward to working with Facebook to refine how web technologies work to keep people in control of their information."

The WSJ outed a data firm known as RapLeaf as selling on a database of users which included those extrapolated from leaked Facebook IDs. It was also found to be transmitting user IDs to a dozen more marketing organisations, which it claimed was unintentional.

Facebook confirmed it would be taking steps to prevent this from continuing, as well as shutting down any further apps found to be deliberately transmitting information.

The company also claimed that knowledge of user IDs doesn't entail access to anything other than real names, but pledged to tighten its systems in response to the findings.

"This is an even more complicated technical challenge than a similar issue we successfully addressed last spring on Facebook.com," said a spokesman, "but one that we are committed to addressing."

The social network has been subject to significant scrutiny over its privacy systems, and in June this year was forced to overhaul its security controls in response to widespread user concern and confusion over what details were being made public.

Sign up for The Daily Update and get the best of GamesIndustry.biz in your inbox.

I never trusted 3rd party apps at social networks and was afraid of leak. My friends called me a paranoiac, but now i feel better because i was right. Not same investigation should be started at another social networks like Vk (vkontakte).

Let's not pretend there's any technical issue here: Facebook simply don't respect privacy, profit from that lack of respect and have a corporate policy of doing the exact minimum needed to appease their users.

Their users are so careless about their own privacy that 'mimimum' will be very, very minimal.

Why is anyone surprised by this? My guess is, FB knew but maintained plausible deniability regarding this. Facebook is a place you are forbidden, by policy, to be anonymous. Having all of those real names is just too much a temptation for any faceless business entity. What shocks me more is that people willingly go along with such a system.

I notice that they're only punishing developers that are 'deliberately' leaking data.
How about they punish all those 'accidental' leaks and encourage a little security.
Sounds like they're only going to slap the wrists of people being too obvious, and everyone else can carry on.

I am an artist and was 3 years on facebook had 1600 friends visiting my art and making comments
I used facebook to communicate with my family
last week no warning or explanation my profile was deactivated
I got from them this:
Hi Giora,

Your account was disabled because your behavior on the site was identified as harassing or threatening to other people on Facebook. Prohibited behavior includes, but is not limited to:

After reviewing your situation, we have determined that your behavior violated Facebook's Statement of Rights and Responsibilities. You will no longer be able to use Facebook. This decision is final and cannot be appealed.

Please note that for technical and security reasons, we will not provide you with any further details about this decision.

thats not good....i played farmvile for a bit a now i find out that my details are been shared!....oh so thats how my inbox became full of junk....looks like i wont be playing on facebook anytime soon...

the simple thing is facebook cant and never can be trusted...i wonder when the public will wake up and hear the music.....

It has long been established that Facebook Apps have access to most of your information.
That's the reason apps are created, to mine user data to be sold, that's how they make money.
I use as few apps as possible, and as mentioned above, I only use Facebook because it has become an institution.